/*
 *  fuc microcode for g98 sec engine
 *  Copyright (C) 2010  Marcin Kościelnicki
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

.section #g98_sec_data

ctx_dma:
ctx_dma_query:		.b32 0
ctx_dma_src:		.b32 0
ctx_dma_dst:		.b32 0
.equ #dma_count 3
ctx_query_address_high:	.b32 0
ctx_query_address_low:	.b32 0
ctx_query_counter:	.b32 0
ctx_cond_address_high:	.b32 0
ctx_cond_address_low:	.b32 0
ctx_cond_off:		.b32 0
ctx_src_address_high:	.b32 0
ctx_src_address_low:	.b32 0
ctx_dst_address_high:	.b32 0
ctx_dst_address_low:	.b32 0
ctx_mode:		.b32 0
.align 16
ctx_key:		.skip 16
ctx_iv:			.skip 16

.align 0x80
swap:
.skip 32

.align 8
common_cmd_dtable:
.b32 #ctx_query_address_high + 0x20000 ~0xff
.b32 #ctx_query_address_low + 0x20000 ~0xfffffff0
.b32 #ctx_query_counter + 0x20000 ~0xffffffff
.b32 #cmd_query_get + 0x00000 ~1
.b32 #ctx_cond_address_high + 0x20000 ~0xff
.b32 #ctx_cond_address_low + 0x20000 ~0xfffffff0
.b32 #cmd_cond_mode + 0x00000 ~7
.b32 #cmd_wrcache_flush + 0x00000 ~0
.equ #common_cmd_max 0x88


.align 8
engine_cmd_dtable:
.b32 #ctx_key + 0x0 + 0x20000 ~0xffffffff
.b32 #ctx_key + 0x4 + 0x20000 ~0xffffffff
.b32 #ctx_key + 0x8 + 0x20000 ~0xffffffff
.b32 #ctx_key + 0xc + 0x20000 ~0xffffffff
.b32 #ctx_iv + 0x0 + 0x20000 ~0xffffffff
.b32 #ctx_iv + 0x4 + 0x20000 ~0xffffffff
.b32 #ctx_iv + 0x8 + 0x20000 ~0xffffffff
.b32 #ctx_iv + 0xc + 0x20000 ~0xffffffff
.b32 #ctx_src_address_high + 0x20000 ~0xff
.b32 #ctx_src_address_low + 0x20000 ~0xfffffff0
.b32 #ctx_dst_address_high + 0x20000 ~0xff
.b32 #ctx_dst_address_low + 0x20000 ~0xfffffff0
.b32 #sec_cmd_mode + 0x00000 ~0xf
.b32 #sec_cmd_length + 0x10000 ~0x0ffffff0
.equ #engine_cmd_max 0xce

.align 4
sec_dtable:
.b16 #sec_copy_prep #sec_do_inout
.b16 #sec_store_prep #sec_do_out
.b16 #sec_ecb_e_prep #sec_do_inout
.b16 #sec_ecb_d_prep #sec_do_inout
.b16 #sec_cbc_e_prep #sec_do_inout
.b16 #sec_cbc_d_prep #sec_do_inout
.b16 #sec_pcbc_e_prep #sec_do_inout
.b16 #sec_pcbc_d_prep #sec_do_inout
.b16 #sec_cfb_e_prep #sec_do_inout
.b16 #sec_cfb_d_prep #sec_do_inout
.b16 #sec_ofb_prep #sec_do_inout
.b16 #sec_ctr_prep #sec_do_inout
.b16 #sec_cbc_mac_prep #sec_do_in
.b16 #sec_cmac_finish_complete_prep #sec_do_in
.b16 #sec_cmac_finish_partial_prep #sec_do_in

.align 0x100

.section #g98_sec_code

	// $r0 is always set to 0 in our code - this allows some space savings.
	clear b32 $r0

	// set up the interrupt handler
	mov $r1 #ih
	mov $iv0 $r1

	// init stack pointer
	mov $sp $r0

	// set interrupt dispatch - route timer, fifo, ctxswitch to i0, others to host
	movw $r1 0xfff0
	sethi $r1 0
	mov $r2 0x400
	iowr I[$r2 + 0x300] $r1

	// enable the interrupts
	or $r1 0xc
	iowr I[$r2] $r1

	// enable fifo access and context switching
	mov $r1 3
	mov $r2 0x1200
	iowr I[$r2] $r1

	// enable i0 delivery
	bset $flags ie0

	// sleep forver, waking only for interrupts.
	bset $flags $p0
	spin:
	sleep $p0
	bra #spin

// i0 handler
ih:
	// see which interrupts we got
	iord $r1 I[$r0 + 0x200]

	and $r2 $r1 0x8
	cmpu b32 $r2 0
	bra e #noctx

		// context switch... prepare the regs for xfer
		mov $r2 0x7700
		mov $xtargets $r2
		mov $xdbase $r0
		// 128-byte context.
		mov $r2 0
		sethi $r2 0x50000

		// read current channel
		mov $r3 0x1400
		iord $r4 I[$r3]
		// if bit 30 set, it's active, so we have to unload it first.
		shl b32 $r5 $r4 1
		cmps b32 $r5 0
		bra nc #ctxload

			// unload the current channel - save the context
			xdst $r0 $r2
			xdwait
			// and clear bit 30, then write back
			bclr $r4 0x1e
			iowr I[$r3] $r4
			// tell PFIFO we unloaded
			mov $r4 1
			iowr I[$r3 + 0x200] $r4

		bra #noctx

		ctxload:
			// no channel loaded - perhaps we're requested to load one
			iord $r4 I[$r3 + 0x100]
			shl b32 $r15 $r4 1
			cmps b32 $r15 0
			// if bit 30 of next channel not set, probably PFIFO is just
			// killing a context. do a faux load, without the active bit.
			bra nc #dummyload

				// ok, do a real context load.
				xdld $r0 $r2
				xdwait
				mov $r5 #ctx_dma
				mov $r6 #dma_count - 1
				ctxload_dma_loop:
					ld b32 $r7 D[$r5 + $r6 * 4]
					add b32 $r8 $r6 0x180
					shl b32 $r8 8
					iowr I[$r8] $r7
					sub b32 $r6 1
				bra nc #ctxload_dma_loop

			dummyload:
			// tell PFIFO we're done
			mov $r5 2
			iowr I[$r3 + 0x200] $r5

	noctx:
	and $r2 $r1 0x4
	cmpu b32 $r2 0
	bra e #nocmd

		// incoming fifo command.
		mov $r3 0x1900
		iord $r2 I[$r3 + 0x100]
		iord $r3 I[$r3]
		// extract the method
		and $r4 $r2 0x7ff
		// shift the addr to proper position if we need to interrupt later
		shl b32 $r2 0x10

		// mthd 0 and 0x100 [NAME, NOP]: ignore
		and $r5 $r4 0x7bf
		cmpu b32 $r5 0
		bra e #cmddone

		mov $r5 #engine_cmd_dtable - 0xc0 * 8
		mov $r6 #engine_cmd_max
		cmpu b32 $r4 0xc0
		bra nc #dtable_cmd
		mov $r5 #common_cmd_dtable - 0x80 * 8
		mov $r6 #common_cmd_max
		cmpu b32 $r4 0x80
		bra nc #dtable_cmd
		cmpu b32 $r4 0x60
		bra nc #dma_cmd
		cmpu b32 $r4 0x50
		bra ne #illegal_mthd

			// mthd 0x140: PM_TRIGGER
			mov $r2 0x2200
			clear b32 $r3
			sethi $r3 0x20000
			iowr I[$r2] $r3
			bra #cmddone

		dma_cmd:
			// mthd 0x180...: DMA_*
			cmpu b32 $r4 0x60+#dma_count
			bra nc #illegal_mthd
			shl b32 $r5 $r4 2
			add b32 $r5 ((#ctx_dma - 0x60 * 4) & 0xffff)
			bset $r3 0x1e
			st b32 D[$r5] $r3
			add b32 $r4 0x180 - 0x60
			shl b32 $r4 8
			iowr I[$r4] $r3
			bra #cmddone

		dtable_cmd:
			cmpu b32 $r4 $r6
			bra nc #illegal_mthd
			shl b32 $r4 3
			add b32 $r4 $r5
			ld b32 $r5 D[$r4 + 4]
			and $r5 $r3
			cmpu b32 $r5 0
			bra ne #invalid_bitfield
			ld b16 $r5 D[$r4]
			ld b16 $r6 D[$r4 + 2]
			cmpu b32 $r6 2
			bra e #cmd_setctx
			ld b32 $r7 D[$r0 + #ctx_cond_off]
			and $r6 $r7
			cmpu b32 $r6 1
			bra e #cmddone
			call $r5
			bra $p1 #dispatch_error
			bra #cmddone

		cmd_setctx:
			st b32 D[$r5] $r3
			bra #cmddone


		invalid_bitfield:
			or $r2 1
		dispatch_error:
		illegal_mthd:
			mov $r4 0x1000
			iowr I[$r4] $r2
			iowr I[$r4 + 0x100] $r3
			mov $r4 0x40
			iowr I[$r0] $r4

			im_loop:
				iord $r4 I[$r0 + 0x200]
				and $r4 0x40
				cmpu b32 $r4 0
			bra ne #im_loop

		cmddone:
		// remove the command from FIFO
		mov $r3 0x1d00
		mov $r4 1
		iowr I[$r3] $r4

	nocmd:
	// ack the processed interrupts
	and $r1 $r1 0xc
	iowr I[$r0 + 0x100] $r1
iret

cmd_query_get:
	// if bit 0 of param set, trigger interrupt afterwards.
	setp $p1 $r3
	or $r2 3

	// read PTIMER, beware of races...
	mov $r4 0xb00
	ptimer_retry:
		iord $r6 I[$r4 + 0x100]
		iord $r5 I[$r4]
		iord $r7 I[$r4 + 0x100]
		cmpu b32 $r6 $r7
	bra ne #ptimer_retry

	// prepare the query structure
	ld b32 $r4 D[$r0 + #ctx_query_counter]
	st b32 D[$r0 + #swap + 0x0] $r4
	st b32 D[$r0 + #swap + 0x4] $r0
	st b32 D[$r0 + #swap + 0x8] $r5
	st b32 D[$r0 + #swap + 0xc] $r6

	// will use target 0, DMA_QUERY.
	mov $xtargets $r0

	ld b32 $r4 D[$r0 + #ctx_query_address_high]
	shl b32 $r4 0x18
	mov $xdbase $r4

	ld b32 $r4 D[$r0 + #ctx_query_address_low]
	mov $r5 #swap
	sethi $r5 0x20000
	xdst $r4 $r5
	xdwait

	ret

cmd_cond_mode:
	// if >= 5, INVALID_ENUM
	bset $flags $p1
	or $r2 2
	cmpu b32 $r3 5
	bra nc #return

	// otherwise, no error.
	bclr $flags $p1

	// if < 2, no QUERY object is involved
	cmpu b32 $r3 2
	bra nc #cmd_cond_mode_queryful

		xor $r3 1
		st b32 D[$r0 + #ctx_cond_off] $r3
	return:
		ret

	cmd_cond_mode_queryful:
	// ok, will need to pull a QUERY object, prepare offsets
	ld b32 $r4 D[$r0 + #ctx_cond_address_high]
	ld b32 $r5 D[$r0 + #ctx_cond_address_low]
	and $r6 $r5 0xff
	shr b32 $r5 8
	shl b32 $r4 0x18
	or $r4 $r5
	mov $xdbase $r4
	mov $xtargets $r0

	// pull the first one
	mov $r5 #swap
	sethi $r5 0x20000
	xdld $r6 $r5

	// if == 2, only a single QUERY is involved...
	cmpu b32 $r3 2
	bra ne #cmd_cond_mode_double

		xdwait
		ld b32 $r4 D[$r0 + #swap + 4]
		cmpu b32 $r4 0
		xbit $r4 $flags z
		st b32 D[$r0 + #ctx_cond_off] $r4
		ret

	// ok, we'll need to pull second one too
	cmd_cond_mode_double:
	add b32 $r6 0x10
	add b32 $r5 0x10
	xdld $r6 $r5
	xdwait

	// compare COUNTERs
	ld b32 $r5 D[$r0 + #swap + 0x00]
	ld b32 $r6 D[$r0 + #swap + 0x10]
	cmpu b32 $r5 $r6
	xbit $r4 $flags z

	// compare RESen
	ld b32 $r5 D[$r0 + #swap + 0x04]
	ld b32 $r6 D[$r0 + #swap + 0x14]
	cmpu b32 $r5 $r6
	xbit $r5 $flags z
	and $r4 $r5

	// and negate or not, depending on mode
	cmpu b32 $r3 3
	xbit $r5 $flags z
	xor $r4 $r5
	st b32 D[$r0 + #ctx_cond_off] $r4
	ret

cmd_wrcache_flush:
	bclr $flags $p1
	mov $r2 0x2200
	clear b32 $r3
	sethi $r3 0x10000
	iowr I[$r2] $r3
	ret

sec_cmd_mode:
	// if >= 0xf, INVALID_ENUM
	bset $flags $p1
	or $r2 2
	cmpu b32 $r3 0xf
	bra nc #sec_cmd_mode_return

		bclr $flags $p1
		st b32 D[$r0 + #ctx_mode] $r3

	sec_cmd_mode_return:
	ret

sec_cmd_length:
	// nop if length == 0
	cmpu b32 $r3 0
	bra e #sec_cmd_mode_return

	// init key, IV
	cxset 3
	mov $r4 #ctx_key
	sethi $r4 0x70000
	xdst $r0 $r4
	mov $r4 #ctx_iv
	sethi $r4 0x60000
	xdst $r0 $r4
	xdwait
	ckeyreg $c7

	// prepare the targets
	mov $r4 0x2100
	mov $xtargets $r4

	// prepare src address
	ld b32 $r4 D[$r0 + #ctx_src_address_high]
	ld b32 $r5 D[$r0 + #ctx_src_address_low]
	shr b32 $r8 $r5 8
	shl b32 $r4 0x18
	or $r4 $r8
	and $r5 $r5 0xff

	// prepare dst address
	ld b32 $r6 D[$r0 + #ctx_dst_address_high]
	ld b32 $r7 D[$r0 + #ctx_dst_address_low]
	shr b32 $r8 $r7 8
	shl b32 $r6 0x18
	or $r6 $r8
	and $r7 $r7 0xff

	// find the proper prep & do functions
	ld b32 $r8 D[$r0 + #ctx_mode]
	shl b32 $r8 2

	// run prep
	ld b16 $r9 D[$r8 + #sec_dtable]
	call $r9

	// do it
	ld b16 $r9 D[$r8 + #sec_dtable + 2]
	call $r9
	cxset 1
	xdwait
	cxset 0x61
	xdwait
	xdwait

	// update src address
	shr b32 $r8 $r4 0x18
	shl b32 $r9 $r4 8
	add b32 $r9 $r5
	adc b32 $r8 0
	st b32 D[$r0 + #ctx_src_address_high] $r8
	st b32 D[$r0 + #ctx_src_address_low] $r9

	// update dst address
	shr b32 $r8 $r6 0x18
	shl b32 $r9 $r6 8
	add b32 $r9 $r7
	adc b32 $r8 0
	st b32 D[$r0 + #ctx_dst_address_high] $r8
	st b32 D[$r0 + #ctx_dst_address_low] $r9

	// pull updated IV
	cxset 2
	mov $r4 #ctx_iv
	sethi $r4 0x60000
	xdld $r0 $r4
	xdwait

	ret


sec_copy_prep:
	cs0begin 2
		cxsin $c0
		cxsout $c0
	ret

sec_store_prep:
	cs0begin 1
		cxsout $c6
	ret

sec_ecb_e_prep:
	cs0begin 3
		cxsin $c0
		cenc $c0 $c0
		cxsout $c0
	ret

sec_ecb_d_prep:
	ckexp $c7 $c7
	cs0begin 3
		cxsin $c0
		cdec $c0 $c0
		cxsout $c0
	ret

sec_cbc_e_prep:
	cs0begin 4
		cxsin $c0
		cxor $c6 $c0
		cenc $c6 $c6
		cxsout $c6
	ret

sec_cbc_d_prep:
	ckexp $c7 $c7
	cs0begin 5
		cmov $c2 $c6
		cxsin $c6
		cdec $c0 $c6
		cxor $c0 $c2
		cxsout $c0
	ret

sec_pcbc_e_prep:
	cs0begin 5
		cxsin $c0
		cxor $c6 $c0
		cenc $c6 $c6
		cxsout $c6
		cxor $c6 $c0
	ret

sec_pcbc_d_prep:
	ckexp $c7 $c7
	cs0begin 5
		cxsin $c0
		cdec $c1 $c0
		cxor $c6 $c1
		cxsout $c6
		cxor $c6 $c0
	ret

sec_cfb_e_prep:
	cs0begin 4
		cenc $c6 $c6
		cxsin $c0
		cxor $c6 $c0
		cxsout $c6
	ret

sec_cfb_d_prep:
	cs0begin 4
		cenc $c0 $c6
		cxsin $c6
		cxor $c0 $c6
		cxsout $c0
	ret

sec_ofb_prep:
	cs0begin 4
		cenc $c6 $c6
		cxsin $c0
		cxor $c0 $c6
		cxsout $c0
	ret

sec_ctr_prep:
	cs0begin 5
		cenc $c1 $c6
		cadd $c6 1
		cxsin $c0
		cxor $c0 $c1
		cxsout $c0
	ret

sec_cbc_mac_prep:
	cs0begin 3
		cxsin $c0
		cxor $c6 $c0
		cenc $c6 $c6
	ret

sec_cmac_finish_complete_prep:
	cs0begin 7
		cxsin $c0
		cxor $c6 $c0
		cxor $c0 $c0
		cenc $c0 $c0
		cprecmac $c0 $c0
		cxor $c6 $c0
		cenc $c6 $c6
	ret

sec_cmac_finish_partial_prep:
	cs0begin 8
		cxsin $c0
		cxor $c6 $c0
		cxor $c0 $c0
		cenc $c0 $c0
		cprecmac $c0 $c0
		cprecmac $c0 $c0
		cxor $c6 $c0
		cenc $c6 $c6
	ret

// TODO
sec_do_in:
	add b32 $r3 $r5
	mov $xdbase $r4
	mov $r9 #swap
	sethi $r9 0x20000
	sec_do_in_loop:
		xdld $r5 $r9
		xdwait
		cxset 0x22
		xdst $r0 $r9
		cs0exec 1
		xdwait
		add b32 $r5 0x10
		cmpu b32 $r5 $r3
	bra ne #sec_do_in_loop
	cxset 1
	xdwait
	ret

sec_do_out:
	add b32 $r3 $r7
	mov $xdbase $r6
	mov $r9 #swap
	sethi $r9 0x20000
	sec_do_out_loop:
		cs0exec 1
		cxset 0x61
		xdld $r7 $r9
		xdst $r7 $r9
		cxset 1
		xdwait
		add b32 $r7 0x10
		cmpu b32 $r7 $r3
	bra ne #sec_do_out_loop
	ret

sec_do_inout:
	add b32 $r3 $r5
	mov $r9 #swap
	sethi $r9 0x20000
	sec_do_inout_loop:
		mov $xdbase $r4
		xdld $r5 $r9
		xdwait
		cxset 0x21
		xdst $r0 $r9
		cs0exec 1
		cxset 0x61
		mov $xdbase $r6
		xdld $r7 $r9
		xdst $r7 $r9
		cxset 1
		xdwait
		add b32 $r5 0x10
		add b32 $r7 0x10
		cmpu b32 $r5 $r3
	bra ne #sec_do_inout_loop
	ret

.align 0x100
